COM2001 Alexis Server Web Access Plaintext Password Vulnerability
COM2001 Alexis Server is commercial voicemail/internet-based PBX management software for Microsoft Windows NT/2000 and Exchange systems. The Web Access component in Alexis Server transmits usernames/passwords in plaintext. Alexis Server v2.1 has the option to secure transmissions using SSL. However, as a side effect, the Web Access toolbar opens a Java applet which sends the username/password back to the server. If the transmitted information is sniffed at this point, the username/password will be disclosed to the attacker. It should be noted that Alexis Server 1.1 is not prone to this issue. Alexis Server 2.0 should be considered extra vulnerable, as it does not include the option to use SSL to secure communications. Successful exploitation of this issue will allow a remote attacker to gain unauthorized access to voicemail and PBX services.